RE: syslog config

From owner-freebsd-stable Tue Jul 17 12:58:59 2001 Delivered-To: freebsd-stable@freebsd.org Received: from mail.rivenet.com (dns2.rivenet.com [63.150.23.98]) by hub.freebsd.org (Postfix) with ESMTP id 4919937B405 for ; Tue, 17 Jul 2001 12:58:53 -0700 (PDT) (envelope-from kkanno@rivenet.com) Received: from ex02.ad.rivenet.com (ex02.ad.rivenet.com [10.10.0.15]) by mail.rivenet.com (Postfix) with ESMTP id 6113A64C0A; Tue, 17 Jul 2001 14:58:52 -0500 (CDT) Received: by ex02.ad.rivenet.com with Internet Mail Service (5.5.2653.19) id ; Tue, 17 Jul 2001 14:58:52 -0500 Message-ID: <0C3A66859AEF6E42A1B4AB53307B77AA0AF4D3@ex02.ad.rivenet.com> From: "Kanno, Ken" To: 'Mike Hoskins' Cc: "'stable@freebsd.org'" Subject: RE: syslog config Date: Tue, 17 Jul 2001 14:58:46 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C10EFA.E34CAB30" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C10EFA.E34CAB30 Content-Type: text/plain; charset="iso-8859-1" When I removed the "*.notice" as you suggested, nothing gets logged at all, period. -----Original Message----- From: Mike Hoskins [mailto:mike@adept.org] Sent: Tuesday, July 17, 2001 2:26 PM To: Kanno, Ken Cc: 'stable@freebsd.org' Subject: Re: syslog config On Tue, 17 Jul 2001, Kanno, Ken wrote: > Jul 17 13:34:41 <4.5> gateway Jul 17 2001 12:35:27: %PIX-5-304001: 10.10.2.1 > Accessed URL 206.40.47.5:/questions.html > Jul 17 13:34:43 <4.5> gateway Jul 17 2001 12:35:30: %PIX-5-304001: 10.10.2.1 > Accessed URL 205.188.140.249:/image/93007873/aim/ Yikes. Do you really need to log this religiously? I crank my PIX log levels down a bit on purpose. But I'm in a smaller office where I trust everyone enough to not want/need to look at URLs they're accessing. I'd like to trim it down when it works properly. > I saw no examples under man for syslog, syslogd or syslog.conf Not entirely true. True enough to where where what I want to do does not work and I don't know why or know where to look next. > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $ > # > # Spaces are NOT valid field separators in this file. > # Consult the syslog.conf(5) manpage. > *.err;kern.debug;auth.notice;mail.crit /dev/console > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages ^^^^^^^^ Here's your problem. ALL notice messages go to /var/log/messages regardless of where else they're routed. Since you're using a facility of local4 on the PIX, I'd suggest adding 'local4.none' to the line above. That will prevent local4.notice messages from being sent to /var/log. Later, -Mike ------_=_NextPart_001_01C10EFA.E34CAB30 Content-Type: text/html; charset="iso-8859-1" RE: syslog config

When I removed the "*.notice" as you suggested, nothing gets logged at all, period.

-----Original Message-----
From: Mike Hoskins [mailto:mike@adept.org]
Sent: Tuesday, July 17, 2001 2:26 PM
To: Kanno, Ken
Cc: 'stable@freebsd.org'
Subject: Re: syslog config

On Tue, 17 Jul 2001, Kanno, Ken wrote:

> Jul 17 13:34:41 <4.5> gateway Jul 17 2001 12:35:27: %PIX-5-304001: 10.10.2.1
> Accessed URL 206.40.47.5:/questions.html
> Jul 17 13:34:43 <4.5> gateway Jul 17 2001 12:35:30: %PIX-5-304001: 10.10.2.1
> Accessed URL 205.188.140.249:/image/93007873/aim/

Yikes. Do you really need to log this religiously? I crank my PIX log
levels down a bit on purpose. But I'm in a smaller office where I trust
everyone enough to not want/need to look at URLs they're accessing.

I'd like to trim it down when it works properly.

> I saw no examples under man for syslog, syslogd or syslog.conf

Not entirely true.

True enough to where where what I want to do does not work and I don't know why or know where to look next.

> # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> #
> #       Spaces are NOT valid field separators in this file.
> #       Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit          /dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
^^^^^^^^
Here's your problem. ALL notice messages go to /var/log/messages
regardless of where else they're routed. Since you're using a facility of
local4 on the PIX, I'd suggest adding 'local4.none' to the line
above. That will prevent local4.notice messages from being sent to
/var/log.

Later,
-Mike

------_=_NextPart_001_01C10EFA.E34CAB30-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message